Currently, all clients validate CRL-related chains, but only the OpenSSL one supports CRL checking. This results in false mappings (see e.g. erroneous certificates for Botan error VERIFIED.
The steps should be as follows:
[ ] Disable the validation of these certs on all clients except OpenSSL (in vconfig.yml)
[ ] Implement CRL checking in the remaining clients and only then enable the validation
Currently, all clients validate CRL-related chains, but only the OpenSSL one supports CRL checking. This results in false mappings (see e.g. erroneous certificates for Botan error
VERIFIED
.The steps should be as follows:
vconfig.yml
)